Cisco and Juniper Networks both offer industry-leading next-generation firewalls (NGFWs). Both firewalls provide essential features to meet enterprise security needs, and both made eSecurity Planet’s list of leading NGFW vendors. Still, there are significant strengths and weaknesses to each offering. What follows is a look at the features of each solution, along with a look at their key differentiators.
The Bottom Line
Both Cisco and Juniper get enthusiastic responses from customers and industry analysts. Cisco’s support network consistently gets high marks, and its products are a particularly good fit for companies seeking a broad range of security services that integrate with the firewall. Juniper users praise the solution’s ease of configuration and rich interface, and the company is a good shortlist candidate for enterprises seeking high throughput and advanced routing support at a low price.
Still, NSS Labs testing raised concerns about the cost-effectiveness of both solutions. The company rates both products with a higher total cost of ownership (TCO) and lower security effectiveness than some competitors, and was unable to rate Juniper’s products at all in its most recent ranking.
Cisco Product Highlights
Overview: Cisco’s Firepower NGFWs are designed to detect and mitigate attacks with deep visibility and advanced security capabilities, while maintaining optimal network performance and uptime. Key differentiators lie in the areas of threat intelligence, visibility and advanced security capabilities. The company’s NGFWs are available as hardware appliances and as virtual appliances for cloud deployments.
Recent developments: Recent updates to Cisco’s Firepower Device Manager have added site-to-site VPN for branch deployments, IPS signature tuning for false positives, and SSL decryption in software for encrypted traffic. A new Firepower Migration Tool has also been introduced to help legacy ASA firewall customers upgrade to a new NGFW.
Analysts’ take: Gartner says Cisco is a good shortlist candidate for most enterprise use cases, particularly when enterprises are seeking to deploy a broad range of security services that interact with the firewall. Clients consistently rate the Cisco support network as excellent, citing it as a reason for loyalty to Cisco security products. Still, many customers cite complex and confusing licensing as a negative, and some express frustration with the complexity of having to use Cisco Security Manager for older firewalls and the Firepower Management Center for newer ones.
See our in-depth look at Cisco’s Firepower NGFWs.
Juniper Product Highlights
Overview: The Juniper Networks SRX Series NGFWs combine high-performance security with integrated services for application security, intrusion protection and advanced threat detection for organizations of all sizes, including enterprise data center, campus and branch, service provider infrastructure and cloud deployments. In addition to its SRX hardware, Juniper offers the vSRX virtual firewall and the cSRX for containerized environments.
Recent developments: Juniper recently introduced the SRX4600 NGFW, which is optimized for private and hybrid cloud deployments and integrated with the company’s Junos Space Security Director. Juniper’s SRX NGFWs also now feed directly into the Advanced Threat Protection (ATP) appliance, enabling the aggregation and correlation of security events from Juniper and third-party sources into a consolidated timeline view of all threats in the network.
Analysts’ take: Gartner says Juniper is a good shortlist candidate for enterprises seeking high throughput at a low price, along with the ability for the firewall to support advanced routing scenarios. Customers praise the SRX’s ease of configuration and rich interface, often citing them as primary reasons for selection and continued usage. Still, Gartner clients say Juniper lags behind its major competitors in releasing new security features, and it’s been late to market compared to competitors in areas such as public cloud support and VMware NSX integration (though both were recently announced).
See our in-depth look at Juniper Networks SRX Series NGFWs.
NGFW Product Ratings
Here are eSecurity Planet’s ratings of each solution’s key features.
Security performance: NSS Labs’ 2018 test results are inconclusive regarding these products – the company was unable to measure the effectiveness of Juniper’s NGFW products, while the Cisco Firepower 4120 received a 71.8 percent security effectiveness rating, due largely to its failure to block three out of 190 evasion techniques tested. In NSS’ 2017 tests, the Cisco Firepower 4110 received a 95.5 percent security effectiveness rating, while the Juniper SRX 4200 was rated at 37.8 percent, due largely to its failure to protect against RPC fragmentation, HTML obfuscation, and HTTP evasion techniques.
Performance: Similarly, while Cisco was rated by NSS Labs at 5,291 Mbps and Juniper was unrated in NSS’ 2018 testing, NSS’ 2017 tests rated the Cisco Firepower 4120 at 2,495 Mbps and the Juniper SRX 4200 at 1,955 Mbps.
Value: NSS Labs’ 2018 testing rated Cisco’s total cost of ownership (TCO) at $28 per protected Mbps, and was unable to rate Juniper. In its 2017 testing, NSS rated Cisco’s TCO per protected Mbps at $21, and Juniper at $105.
Implementation and management: Juniper customers cite the SRX’s ease of configuration and rich interface as primary reasons for choosing and continuing to use the product, and several Cisco users similarly cite the UI as a key strength. Still, some Cisco customers express frustration with having to use Cisco Security Manager to manage older models and the Firepower Management Center for newer ones, and customers and partners cite Cisco’s complex and confusing licensing as a significant negative.
Support: While customers of both companies give positive reviews for vendor support, Gartner reports that Cisco’s support network is so strong that it’s often cited as a key justification for loyalty to Cisco security products.
Cloud Features: Both solutions offer virtual appliances and a range of cloud functionality. Juniper’s container-focused cSRX firewall is a unique offering.
Cisco’s NGFWs are available as hardware appliances, with the Firepower Device Manager on-box solution or the Firepower Management Center for centralized management. Virtual and public cloud solutions are also available with the Firepower NGFW Virtual (NGFWv).
Juniper’s NGFWs are available in a broad range of options, from all-in-one, integrated physical and virtual security networking devices (SRX, vSRX and cSRX) to highly scalable, chassis-based data center solutions.
Cisco’s firewalls start at under $1,000, with pricing as low as $35 per month with Cisco EasyPay leasing. The Firepower 4120 tested by NSS sells for approximately $100,000.
Juniper’s lower-end appliances start around $300, while the high-end SRX 5800 starts around $60,000. The company offers a 60-day free trial of its vSRX virtual firewall solution.